I currently have 4 indexers set up as VMs. Each indexer has dedicated LUNs for their data. I'm trying to find a way to preserve data while condensing the 4 virtual indexers into a single dedicated h...
...he client pc?
I'm basically looking for a solution that can be run from the client machine itself and I can then extract data out of the in-scope servers using custom queries / search pattern. Not s...
...o splunk retains the data over time, like I want only 1 day info from the file, but splunk has all the data indexed. How can I return only the data for the day, not for all data in splunk index? t...
Hello,
I've an index where all my data is stored and I want to create 2 savedsearch:
- one with all the data (I have to create this one because there are other sourcetypes that I don't w...
Hello,
I have a Splunk ES instance on AWS. All logs are forwarded there from a Splunk HF (full forwarding - no indexing) which collects Active Directory data. Domain is accessible only via VPN.
I...
...plitted and redirect to other indexes, with naming convention ot_<tecnology>. Inputs.conf involved file is placed under a dedicated app, named simply customer_inputs. The procedure to use is v...
Hello,
Have searched community forum and developer area but haven't found resources for this. Is there documentation on how to create events that will be indexed into the Splunk PCI reports? T...
We had some feeds with host="unassigned". The following tstats will not return any result for some feeds, but it works for some other feeds:
tstats count where index=aindex by host,sourcetype,index